<%
'--------------------------------------------------------------------------------------------
'Questa funzione serve a controllare che i file singoli non siano
'richiamati dal browser ma solo da OpenAsp, nel caso in cui il browser tenta di aprire tali file
'l'utente viene subito rimandato alla homepage del sito
'splitto la stringa SQL per recuperare la pagina che si cerca di aprire
i = split(request.ServerVariables("HTTP_URL"), "/")
'confronto il nome del modulo con la funzione Ubound che mi restituisce il massimo
'valore dell'array, quindi il nome della pagina richiesta dall'utente, se coincidono
'rimando alla index
if strComp("testnews.asp", i(Ubound(i)), 1) = 0 then
  response.redirect request.servervariables("HTTP_REFERER")
end if
'RECUPERO LE CONFIGURAZIONI PRINCIPALI PER IL MODULO NEWS

'avvio la connessione
strSQL = "SELECT * FROM TB_NEWS_CONFIG"
Set tbNews = addConn.Execute(strSQL)

'recupero le variabili
NEWS_HOME = tbNews("NEWS_HOME")
NEWS_DESC_MAX = tbNews("NEWS_DESC_MAX")
NEWS_COMM_MAX = tbNews("NEWS_COMM_MAX")
NEWS_TOT_PAGE = tbNews("NEWS_TOT_PAGE")

Set tbNews = Nothing


'FUNZIONE PER ESTRARRE IL NUMERO DI VOTI DI UNA DETERMIANTA NEWS
Function voti(id)
 Set votoRS = addConn.Execute("SELECT * FROM TB_NEWS_RANK WHERE IDnews=" & id)
 if NOT votoRS.EOF then
  voti = votoRS("voto")
  if voti = "" then voti = 0
 else
  voti = 0
 end if
Set votoRS = Nothing
end function

'FUNZIONE PER ESTRARRE IL NUMERO DI COMMENTI PER UNA DETERMINATA NEWS
Function commenti(id)
 cont = 0
 Set votoRS = addConn.Execute("SELECT * FROM TB_NEWS_COMMENTI WHERE IDnews=" & id)
 if NOT votoRS.EOF then
  Do while NOT votoRS.EOF
   cont = cont + 1
   votoRS.MoveNext
  Loop
  commenti = cont
 else
  commenti = 0
 end if
Set votoRS = Nothing
end function

function isNewsMod(user, cat)
	if user <> "" and cat <> "" then
		if isNumeric(user) and isNumeric(cat) then
			set testRS = addConn.Execute("SELECT * FROM TB_NEWS_MOD WHERE IDutente = " & user & " AND IDcateg = " & cat)
			if not testRS.EOF then
				isNewsMod = true
			else
				isNewsMod = false
			end if
		else
			isNewsMod = false
		end if
	else
		isNewsMod = false
	end if
end function
%>
 
	 <%
	 'AVVIO UN CASE PER SCEGLIERE IL TIPO DI AZIONE DA SVOLGERE
	 Select case request.QueryString("action")
	 
	 'FASE DI SEMPLICE VISUALIZZAZIONE DELLE ULTIME NEWS
	 CASE "", "all":
	 %>
     <div id="position">
      &raquo; <a href="admin.asp" class="testo">Control Center</a> &raquo; <a href="default.asp?modulo=news" class="testo">news</a> &raquo; <%=traduci("ling_news_89")%>
</div>
<div id="page">
<%
	 strSQL = "SELECT * FROM TB_NEWS_CAT INNER JOIN ( TB_NEWS_TOPIC INNER JOIN TB_NEWS ON TB_NEWS_TOPIC.IDTopic = TB_NEWS.IDtopic) ON TB_NEWS_CAT.IDcategoria = TB_NEWS_TOPIC.IDcategoria WHERE TB_NEWS.Stato = 0 ORDER BY TB_NEWS.Prior DESC, TB_NEWS.DataPub"
	 Set newsRS = addConn.Execute(strSQL)
	 if NOT newsRS.EOF then
	 For l = 1 to NEWS_HOME
	  if NOT newsRS.EOF then
	   If isADM(session("uID"), "news") OR isNewsMod(session("uID"), newsRS("IDcategoria")) OR session("livelloUser") = 2 then
		   news = newsRS("Ante")
			With response
		   .Write "<div class=""news"">"&vbNewLine
		   .Write "			<div class=""topnews""><b><a href=""default.asp?modulo=news&amp;action=cat&amp;id=" & newsRS("IDcategoria") & """ class=""testogr"">" & newsRS("NomeCat") & "</a>: </b>" & newsRS("TITOLO")&vbNewLine
		   .Write "				<br />"&chkDate(newsRS("Data"), " ", true)&"<br />"&vbNewLine
				   .Write "			</div><div class=""newscont"">"&vbNewLine
				   .Write "				" & news& ""&vbNewLine
				   .Write "				<a href=""default.asp?modulo=news&amp;action=topic&amp;id=" & newsRS("IDtopic") & """><img src=""" & newsRS("URLimg") & """ border=""0"" alt=""cat"" /></a>"&vbNewLine
				   .Write "			</div><div class=""footernews"">"&vbNewLine
				   .Write 				traduci("ling_news_02") & " <a class=""testo"" href=""default.asp?modulo=profilo&amp;nick=" & username(newsRS("Autore")) & """>" & username(newsRS("Autore")) & "</a>. (" & traduci("ling_news_03") & " " & voti(newsRS("IDnews")) & "| " & traduci("ling_news_04") & " " & commenti(newsRS("IDnews")) & " | " & traduci("ling_news_12") & " " & newsRS("visite") & ") <br />"&vbNewLine
				   .Write "			<a href=""admin.asp?modulo=news&amp;op=testnews&amp;action=del&amp;id=" & newsRS("IDnews") & """ class=""testo"">" & traduci("ling_news_34") & "</a> - <a href=""admin.asp?modulo=news&amp;op=testnews&amp;id=" & newsRS("IDnews") & "&amp;action=pub&amp;idcat=" & newsRS("IDcategoria") & "&amp;topicid=" & newsRS("IDtopic") & """ class=""testo"">Pubblica la news</a> "&vbNewLine
				   .Write "		</div></div>"&vbNewLine
		   End With
	   End if
	   newsRS.MoveNext
	  end if
	 Next
	 else
		 Response.Write "<p style=""text-align:center""><b>"&traduci("ling_occ_news_18")&"</b>"
		 Response.Write "<br /><a class=testo href=""admin.asp?modulo=news"">" & traducisys("ling_occ_117") & "</a></p>"	 
	 end if 
	 CASE "del":
	  set newsRS = addConn.Execute("SELECT * FROM TB_NEWS WHERE IDnews = " & request.QueryString("id") & " AND stato = 0")
	 if not isNewsMod(session("uID"), newsRS("IDcategoria")) AND session("LivelloUser") < 2 AND not isADM(session("uID"), "news") then
  		response.Redirect "admin.asp?modulo=news"
	  else	
		  set delRS = addConn.Execute("DELETE FROM TB_NEWS WHERE IDnews = " & request.QueryString("id"))
		  set delRS = Nothing
		  addConn.Execute("DELETE FROM TB_NEWS_COMMENTI WHERE IDnews = " & request.QueryString("id"))
	  end if
	  CALL autoReturn("admin.asp?modulo=news&op=testnews", 2)
	 CASE "pub":
     set newsRS = addConn.Execute("SELECT * FROM TB_NEWS WHERE IDnews = " & request.QueryString("id") & " AND stato = 0")
	 if not isNewsMod(session("uID"), newsRS("IDcategoria")) AND session("LivelloUser") < 2 AND not isADM(session("uID"), "news") then
  	 	response.Redirect "admin.asp?modulo=news"
     end if
%>
<div id="position">
      &raquo; <a href="admin.asp" class="testo">Control Center</a> &raquo; <a href="default.asp?modulo=news" class="testo">news</a> &raquo; <a href="admin.asp?modulo=news&amp;op=testnews" class="testo"><%=traduci("ling_news_89")%></a> &raquo; <%=traduci("ling_news_90")%>
</div>
<div id="page">
<form name="form1" action="admin.asp?modulo=news&amp;op=testnews&amp;action=uppub&amp;id=<%=newsrs("idnews")%>" method="post">
<input type="hidden" name="autore" value="<%=newsRS("autore")%>" />
<input type="hidden" name="data" value="<%=newsRS("data")%>" />

   <%=traduci("ling_news_23")%>
	<select name="cat" class="selectclass">
		<%
			set catRS = addConn.Execute("SELECT * FROM TB_NEWS_cAT")
			Do while NOT catRS.EOF
				response.Write "<option style='text-align:left' value=""---"" "
				call selected(catRS("IDcategoria"),request.QueryString("catid"))
				response.Write ">&raquo;" & catRS("nomeCat") &  "</option>"
				set topRS = addConn.Execute("SELECT * FROM TB_NEWS_TOPIC WHERE IDcategoria = " & catRS("IDcategoria"))
				if not topRS.EOF then
					Do while NOT topRS.EOF
						response.Write "<option value=""" & topRS("IDtopic") & """ "
						call selected(topRS("IDtopic"), request.QueryString("topicid"))
						response.Write ">" & topRS("nomeTopic") &  "</option>"
						topRS.moveNext
					Loop
				end if
				set topRS = Nothing									
				catRS.moveNext
			Loop
			set catRS = Nothing
		%>
	</select>
	<br /><br />
   <%=traduci("ling_news_26")%>
   <input type="text" name="titolo" class="inputclass" value="<%=newsRS("titolo")%>" maxlength="50" /> <%=traduci("ling_news_76")%>
	<br /><br />
	<%=traduci("ling_news_36")%>
	  <select class="inputclass" name="prior">
	   <option value="0" <%call selected(0, newsRS("prior"))%>>Normale</option>
	   <option value="1" <%call selected(1, newsRS("prior"))%>>Alta</option>
	  </select>
	<br /><br />
	<%=traduci("ling_news_77")%>
	<select class="selectclass" name="lingua">
    <%
	  'Recupero tutti file dei themes e li raccolgo in un campo select
	  Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
	  Set objFolder = objFSO.GetFolder(Server.MapPath("lingua/"))
	  For each objFile in objFolder.Files
		%>
		<option value="<%=Replace(Replace(objFile.Name, "lingua-", ""), ".xml", "")%>" <%call selected(Replace(Replace(objFile.Name, "lingua-", ""), ".xml", ""), newsRS("Lingua"))%>><%=Replace(Replace(objFile.Name, "lingua-", ""), ".xml", "")%></option>
		<%
	  Next
    %>		
	</select>
	<br /><br />
    <%=traduci("ling_news_85")%>
	 <textarea name="ante" class="news" style="width:100%; height:80px;"><%=replace(newsRS("ante"), "<br />", chr(10))%></textarea>
	<br /><br />
	<%=traduci("ling_news_86")%>
    <br /><br />
	<textarea name="testo" class="editor" style="width:100%; height:400px;"><%=newsRS("news")%></textarea>
					<%
					Call creaComponente("editor","def")
 strSQL = "SELECT * FROM TB_NEWS WHERE IDnews = " & request.QueryString("id")
 Set rs = addConn.Execute(strSQL)
 setValue(rs("news"))
 Set rs = Nothing
%>
<script type="text/javascript">
 //CONTROLLO CHE SIA PRESENTE IL testo DEL COMMENTO
function test(){
		if (window.document.form1.titolo.value == ""){
			window.alert("<%=traduci("ling_news_18")%>");
			return false;
		}
		if(window.document.form1.cat.options[window.document.form1.cat.selectedIndex].value == "---"){
			alert("<%=traduci("ling_news_20")%>");
			return false;
		}

 }
</script>
<button class="buttonclass" onClick="test()">invia</button>
</form>
<%set newsRS = Nothing%>
<% 
 CASE "uppub":
 set topRS = addConn.Execute("SELECT * FROM TB_NEWS_TOPIC WHERE IDtopic = " & request.Form("cat"))
 categ= topRS("IDcategoria")
 set topRS = Nothing
 addConn.Execute("UPDATE TB_NEWS SET autore = '"&request.Form("autore")&"', news = '"&testSQLinj(request.Form("testo"))&"', ante = '"&replace(testSQLinj(request.Form("ante")), chr(10), "<br />")&"', titolo = '"&testSQLinj(request.Form("titolo"))&"', IDtopic = '"&request.Form("cat")&"', IDcategoria = '"&categ&"', Lingua = '"&request.Form("Lingua")&"', prior = '"&request.Form("prior")&"', Datapub = '"&DateToSTR(STR_TIME)&"', stato = '1' WHERE IDnews ="&request.QueryString("id"))
 CALL autoReturn("admin.asp?modulo=news", 2)
 End select
%>
</div>